Thread context
4 posts in path
Root
@khm@hj.9fs.net
Open
@khm@hj.9fs.net
dear lazyweb, has anyone made a firefox extension yet that will just take a keepass .kdb file and put passwords into form fields without pinging some asshole's server about it like no network traffic
Ancestor 2
@northernscrub@m.dollha.us
Open
@northernscrub@m.dollha.us
@khm this is a substantial attack vector. Don't let browser extensions have access to your filesystem beyond their sandbox. https://addons.mozilla.org/en-US/firefox/addon/keepasshelper/ hooks in to ke
Parent
@khm@hj.9fs.net
Open
@khm@hj.9fs.net
nobody said anything about giving it access to my filesystem. I do not want to "hook in" to anything. I want to upload a file to the extension and have the extension read it. if ubo can do it, it can
Geordie programmer. Aspiring world dominator. Internet spaceship pilot. Always Northumbrian. Never British.
m.dollha.us
Geordie programmer. Aspiring world dominator. Internet spaceship pilot. Always Northumbrian. Never British.
m.dollha.us
@northernscrub@m.dollha.us
·
Feb 24, 2026
@khm ubo gets one-time access to a specific file. What you're describing is persistent access to not only a file, but filesystem flags to monitor change, and access to that file without immediate oversight. That's filesystem access. You could, of course, drop a file into the extension's sandbox instead - but then you either need to make the extension your primary password manager (please don't do this), or point your primary password manager at the extensions sandbox. The former becomes as vulnerable as any other browser extension, the latter is the same but is also annoying and technically breaks sandboxing. And do you really want to trust a browser that is moving to vibe coding?
View full thread on m.dollha.us
